Win32/Olmarik.AWO trojan


7 replies to this topic

#1 Emmibon

Posted 24 December 2011 - 10:35 PM

Hi guys... When I run AVG, SAS and MalwareBytes they come out clean but my computer is running really slow. I ran ESET online scanner and it found a threat (Win32/Olmarik.AWO trojan) but failed to remove it.

Under "Target" it says Operating Memory if that helps.

Does anyone know how to get rid of this? Thank you so much!!

Edited by hamluis, 25 December 2011 - 12:08 AM.
Moved from XP to Am I Infected.



#2 boopme

Posted 24 December 2011 - 11:20 PM

Hello and welcome.. Please post the ESET log.
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start >> Run dialog box from the Start Menu on the desktop.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Emmibon

Posted 25 December 2011 - 03:01 AM

(I hope this is what you need?)



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=423e9d3cc2f4364fb097f4f31364ba44
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-25 07:27:27
# local_time=2011-12-25 01:27:27 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777174 100 95 0 67848845 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=142685
# found=1
# cleaned=0
# scan_time=5345
${Memory} a variant of Win32/Olmarik.AWO trojan 00000000000000000000000000000000 I

#4 boopme

Posted 25 December 2011 - 12:57 PM

Thanks, that is it. Please do this next.

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like TDSSKiller.Version_Date_Time_log.txt.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#5 Emmibon

Posted 25 December 2011 - 05:00 PM

This is the results of the TDSSKiller. Do I need to quarantine the found object? I wanted to make sure I did this correctly before I run MalwareBytes again.

Also, it did not prompt me to restart after the scan.

15:52:05.0562 1044 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:52:05.0937 1044 ============================================================
15:52:05.0937 1044 Current date / time: 2011/12/25 15:52:05.0937
15:52:05.0937 1044 SystemInfo:
15:52:05.0937 1044
15:52:05.0937 1044 OS Version: 5.1.2600 ServicePack: 3.0
15:52:05.0937 1044 Product type: Workstation
15:52:05.0937 1044 ComputerName: DELL-D999CB1682
15:52:05.0937 1044 UserName: Dell
15:52:05.0937 1044 Windows directory: C:\WINDOWS
15:52:05.0937 1044 System windows directory: C:\WINDOWS
15:52:05.0937 1044 Processor architecture: Intel x86
15:52:05.0937 1044 Number of processors: 2
15:52:05.0937 1044 Page size: 0x1000
15:52:05.0937 1044 Boot type: Safe boot with network
15:52:05.0937 1044 ============================================================
15:52:08.0937 1044 Initialize success
15:52:14.0718 1412 ============================================================
15:52:14.0718 1412 Scan started
15:52:14.0718 1412 Mode: Manual;
15:52:14.0718 1412 ============================================================
15:52:29.0218 1412 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
15:52:29.0234 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:52:29.0234 1412 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:52:29.0281 1412 Boot (0x1200) (b9ecf3597343bbe0bfb40ff770cd581e) \Device\Harddisk0\DR0\Partition0
15:52:29.0281 1412 \Device\Harddisk0\DR0\Partition0 - ok
15:52:29.0281 1412 ============================================================
15:52:29.0281 1412 Scan finished
15:52:29.0281 1412 ============================================================
15:52:29.0328 1624 Detected object count: 1
15:52:29.0328 1624 Actual detected object count: 1
15:54:29.0484 1624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
15:54:29.0484 1624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
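
Reading a TDSSKiller report like the one above by hand means finding the few verdict lines among hundreds of driver entries. The following Python is an added example (not from this thread and not part of Kaspersky's tool) that parses that format: it keeps the system info and the MBR hash, counts clean objects, and flags any detection that was left in place because the prompt's default Skip was taken, which is exactly what this log records. The sample log is constructed from a handful of the lines posted here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log format posted in this thread: the
# driver enumeration is cut to two entries; the MBR hash and the
# Rootkit.Boot.Pihar.b verdict lines are the ones shown in the log above.
SAMPLE_LOG = r"""
15:52:05.0937 1044 OS Version: 5.1.2600 ServicePack: 3.0
15:52:05.0937 1044 Boot type: Safe boot with network
15:52:16.0890 1412 A5AGU (304d8a51672c760f5d92d73652e8fbfc) C:\WINDOWS\system32\DRIVERS\A5AGU.sys
15:52:16.0937 1412 A5AGU - ok
15:52:17.0000 1412 Abiosdsk - ok
15:52:29.0218 1412 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
15:52:29.0234 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:52:29.0234 1412 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:52:29.0281 1412 \Device\Harddisk0\DR0\Partition0 - ok
15:52:29.0328 1624 Detected object count: 1
15:52:29.0328 1624 Actual detected object count: 1
15:54:29.0484 1624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
15:54:29.0484 1624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
"""

# Every record is "<hh:mm:ss.ffff> <thread id> <body>"; "====" banners have no body.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d+) (.*)$")
INFO_RE = re.compile(r"^(OS Version|Boot type|ComputerName|Processor architecture): (.+)$")
MBR_RE = re.compile(r"^MBR \(0x[0-9A-Fa-f]+\) \(([0-9a-f]{32})\) (\S+)$")
OK_RE = re.compile(r"^(\S.*?) - ok$")
COUNT_RE = re.compile(r"^(Detected|Actual detected) object count: (\d+)$")
# "<object> ( <threat> ) - infected" / "- skipped by user" / "- User select action: <X>"
THREAT_RE = re.compile(r"^(\S.*?) \( (.+?) \) - (.+)$")
ACTION_RE = re.compile(r"^User select action: (\w+)$")


@dataclass
class Detection:
    obj: str
    threat: str
    action: Optional[str] = None   # Cure / Delete / Skip, as chosen at the prompt
    skipped: bool = False          # "- skipped by user" was logged


@dataclass
class Report:
    info: Dict[str, str] = field(default_factory=dict)
    ok_objects: int = 0
    mbr_md5: Dict[str, str] = field(default_factory=dict)        # device -> MBR hash
    detections: Dict[str, Detection] = field(default_factory=dict)
    counts: Dict[str, int] = field(default_factory=dict)


def parse_tdsskiller_log(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners, blank lines, lines without a body
        body = m.group(3)
        mi, mm, mc, mt = (INFO_RE.match(body), MBR_RE.match(body),
                          COUNT_RE.match(body), THREAT_RE.match(body))
        if mi:
            rep.info[mi.group(1)] = mi.group(2)
        elif mm:
            rep.mbr_md5[mm.group(2)] = mm.group(1)
        elif OK_RE.match(body):
            rep.ok_objects += 1
        elif mc:
            rep.counts[mc.group(1)] = int(mc.group(2))
        elif mt:
            obj, threat, rest = mt.groups()
            det = rep.detections.setdefault(obj, Detection(obj, threat))
            ma = ACTION_RE.match(rest)
            if rest == "skipped by user":
                det.skipped = True
            elif ma:
                det.action = ma.group(1)
            # a plain "infected" verdict only registers the detection (done by setdefault)
    return rep


def unresolved(rep: Report) -> List[Detection]:
    """Detections TDSSKiller did not neutralise: the default Skip was taken
    (as in the log above) or no action was recorded at all."""
    return [d for d in rep.detections.values()
            if d.skipped or d.action is None or d.action == "Skip"]


def is_boot_object(det: Detection) -> bool:
    # Rootkit.Boot.* verdicts on a raw disk device (\Device\HarddiskN\DRn) mean the
    # boot record itself is affected, which is why file-level scanners came out clean.
    return det.threat.startswith("Rootkit.Boot.") or det.obj.startswith(r"\Device\Harddisk")


def summarize(text: str) -> dict:
    rep = parse_tdsskiller_log(text)
    pending = unresolved(rep)
    return {
        "boot_type": rep.info.get("Boot type"),
        "ok_objects": rep.ok_objects,
        "detected": rep.counts.get("Detected", 0),
        "mbr_md5": rep.mbr_md5,
        "unresolved": [(d.obj, d.threat, d.action) for d in pending],
        "boot_rootkit_pending": any(is_boot_object(d) for d in pending),
    }
```

A `boot_rootkit_pending` result of True is the state this log was in: the object was found but left in place, so the scan has to be rerun with Cure chosen before MBAM's clean result means anything.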

#6 boopme

Posted 25 December 2011 - 09:34 PM

Yes, select Cure first if available, or quarantine.
Then rerun MBAM.

#7 Emmibon

Posted 26 December 2011 - 12:25 AM

Okay, cured the infection and restarted. Malwarebytes came out clean and the computer appears to be running normally again. Do I need to do anything else? Thank you so much!! I could have never done it without your help. :)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122503

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/25/2011 4:23:15 PM
mbam-log-2011-12-25 (16-23-15).txt

Scan type: Quick scan
Objects scanned: 171307
Time elapsed: 13 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 boopme

Posted 26 December 2011 - 10:45 AM

Excellent!! If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:



